Title :
Clustering IDS alarms with an IGA-based approach
Author :
Wang, Jianxin ; Cui, Baojiang
Author_Institution :
Sch. of Information, Beijing Forestry Univ., Beijing, China
Abstract :
Intrusion detection systems generally overload their human operators by triggering thousands of alarms per day, most of which are false positives. Klaus Julisch put forward a clustering method capable of eliminating false positives and finding root causes, but he also proved that the clustering problem is unfortunately NP-complete. In this paper, an immune genetic algorithm (IGA) is proposed to tackle the NP-complete clustering problem. An ad hoc strategy for generating antibodies and computing their density is proposed. The coding scheme and the genetic operations, including selection, crossover, and mutation, are discussed in detail. The IGA's local search ability is improved by combining it with a discrete gradient method. The results obtained from several tests are quite encouraging; in particular, the immune operator contributes much to solving the problem of premature convergence. Compared to a simple GA-based algorithm, the IGA-based one is able to generate higher-quality clusters in a shorter period of time.
Keywords :
computational complexity; genetic algorithms; gradient methods; pattern clustering; search problems; security of data; IDS alarm clustering; IGA-based approach; NP-complete clustering problem; ad hoc strategy; coding scheme; crossover operation; discrete gradient method; immune genetic algorithm; intrusion detection system; local search; mutation operation; selection operation; Clustering algorithms; Clustering methods; Convergence; Genetic algorithms; Genetic mutations; Gradient methods; Humans; Immune system; Intrusion detection; Testing;
Conference_Title :
Communications, Circuits and Systems, 2009. ICCCAS 2009. International Conference on
Conference_Location :
Milpitas, CA
Print_ISBN :
978-1-4244-4886-9
Electronic_ISBN :
978-1-4244-4888-3
DOI :
10.1109/ICCCAS.2009.5250447